Privacy Policy

We collect as little as possible. Crypto wagering doesn't need your real name, email, address, or government ID, and we don't collect any of that by default. We do collect: your wallet address (it's how we identify you), your IP (necessary for rate-limiting and abuse prevention), and your game history (necessary to determine payouts and run leaderboards).

From you, automatically

• Wallet public key — your Phantom (or equivalent) Solana wallet address, which serves as your identity
• IP address and approximate geolocation — for rate-limiting, abuse prevention, and regional restrictions
• Browser fingerprint — user-agent, screen resolution, timezone, only as exposed by your browser, used for anti-collusion detection
• Game activity — lobbies you join, wagers you place, results of games, payouts, deposits, withdrawals
• Session state — Socket.IO session IDs, authentication nonces (short-lived, never persisted)

From you, voluntarily

• Support tickets — name, email, and message content if you contact us via our support form
• Referral codes — the referral code (if any) from the URL that brought you to the site, stored briefly in your browser's localStorage

Generated by us, on your behalf

• Platform wallet keypair — a new Solana keypair we generate to hold your in-app balance. The private key is encrypted with AES-256-GCM before being stored. See the Fairness page for details.
• Referral code — a unique 6-character code assigned to your account so you can refer others

• Your real name (unless you tell us via support)
• Government ID (no KYC at this time)
• Your home address
• Credit card or bank details (we don't accept fiat)
• Social-media accounts
• Phone numbers

• To run the games — match you to lobbies, credit wins, deduct fees, return refunds
• To prevent abuse — detect multi-accounting, bots, and collusion via IP/wallet/behavior clustering
• For leaderboards and activity feed — your wallet address and game outcomes appear publicly on the leaderboard and the homepage activity ticker. (Wallets are public on-chain anyway.)
• For support — to respond to your inquiries
• For platform improvements — aggregate, non-identifying analysis of which games are popular, where players drop off, etc.

We do not sell your data, share it with advertisers, or use it for retargeting.

• Database: Managed Postgres hosted by Render (encrypted at rest, daily backups, point-in-time recovery)
• Wallet private keys: encrypted with AES-256-GCM using a 32-byte key stored only as a server environment variable. Each key has a unique initialization vector and authentication tag so tampering is detectable. The encryption key never leaves the server, never appears in logs, and is not stored in the database.
• Server logs: structured JSON via Pino, retained for up to 30 days on Render. We deliberately do not log private keys, sensitive request bodies, or session secrets.
• Transport: All traffic between your browser and our servers is TLS-encrypted (HTTPS / WSS)

No system is perfectly secure. In the event of a breach affecting your data, we will notify affected users via in-app banner and via email (if we have one on file) within 72 hours of confirmation.

We use the following third-party services to operate Sol Wager. Each processes only the data necessary for its role:

• Render (server + database hosting) — receives game-state data, encrypted wallet keys, logs
• Vercel (frontend hosting) — receives HTTP requests, serves static assets, can see your IP for routing
• Helius (Solana RPC) — sees your platform and personal wallet addresses when we query/transact on your behalf. Helius does not see your private key.
• Solana blockchain — all on-chain transactions are public and permanently recorded
• Resend (optional, email for support tickets only) — receives the contents of support tickets you send
• Jupiter (SOL price oracle) — we query current SOL/USD price; no user data is sent

Sol Wager does not use traditional tracking cookies. We use browser localStorage for:

• Pending referral codes (stored for up to 30 days so they survive wallet-connection attempts)
• UI preferences (game settings, theme defaults if any)

The Solana wallet adapter (Phantom, etc.) may store its own data locally. We have no control over that.

• Game history: retained indefinitely for leaderboards and accounting integrity
• Encrypted wallet keys: retained as long as you have a non-zero balance or active referral relationship
• Support tickets: retained for 1 year
• Server logs: up to 30 days
• Pending referral codes (localStorage): 30 days unless consumed

Depending on your jurisdiction, you may have rights to:

• Access the data we hold about you
• Correct inaccurate data
• Delete your data, subject to legal retention requirements
• Export your data in a portable format
• Object to certain processing

To exercise any right, submit a request via the support form including the wallet address whose data you want acted on. We will respond within 30 days. We may need to verify ownership of the wallet (typically by requesting a signed message from it).

Sol Wager is operated from servers in the United States and European Union. By using the Service, you consent to having your data processed in those locations. If you are in a country with stricter privacy laws (e.g., EU GDPR, UK GDPR, Brazil LGPD), those laws apply to our handling of your data.

Sol Wager is not for users under 18. We do not knowingly collect data from minors. If you believe a minor has connected a wallet, please contact us and we will close the account.

We may update this Privacy Policy. Material changes will be announced via in-app banner. The "Last updated" date at the top reflects the most recent change.

Privacy questions: support form or solwagersupport@gmail.com.